{"id":80117,"date":"2017-10-26T06:00:21","date_gmt":"2017-10-26T13:00:21","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=80117"},"modified":"2025-05-27T20:32:48","modified_gmt":"2025-05-28T03:32:48","slug":"analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/","title":{"rendered":"Analyzing Microsoft Office Zero-Day Exploit CVE-2017-11826"},"content":{"rendered":"

McAfee Labs has performed frequent analyses of Office-related threats over the years: In 2015, we presented<\/a> research on the Office OLE mechanism; in 2016 at the\u00a0BlueHat conference,<\/a> we looked at the high-level attack surface of Office; and this year at the SYSCAN360 Seattle conference, we presented deep research on the critical Office \u201cMoniker\u201d<\/a> zero-day vulnerabilities.<\/p>\n

This month, Microsoft released an\u00a0update<\/a>\u00a0for an Office zero-day attack. We examined an in-the-wild sample, and with this post we share our findings to help others understand the threat.<\/p>\n

Steps to Archive the Full Exploitation<\/h2>\n

The sample arrives as an RTF file, and embeds at least three objects (through the control word \u201c\\object\u201d). This is a memory corruption vulnerability, so it needs additional steps to archive the full exploitation.<\/p>\n

1. The first object, in the following figure, shows that it loads a COM object whose CLASSID is D5DE8D20<\/em>-5BB8-11D1-A1E3-00A0C90F2731.<\/em><\/p>\n

\"\"<\/p>\n

 <\/p>\n

If we look into the Windows registry, we see that the COM DLL C:\\Windows\\system32\\msvbvm60.dll<\/em> will be loaded. The purpose of loading this DLL is that msvbvm60.dll<\/em> is not compatible with address space layout randomization (ASLR), thus it can be used to bypass ASLR and data execution prevention (DEP) on older Office versions. (We will explain later.) This is not a new trick; researcher Parvez Anwar described<\/a> this process in 2015.<\/p>\n

2. The second object is a .docx file that employs the ActiveX.bin technique to spray the heap, also not a new trick. McAfee Labs first identified this exploitation technique in a zero-day attack discovery<\/a> in 2013; our colleague Debasish Mandal discussed<\/a> this technique in one of his recent posts.<\/p>\n

3. The third object is the cause of this vulnerability. It is an embedded .docx file. When this .docx is rendered, a memory corruption vulnerability is triggered. Specifically, we have identified the problem is due to mishandling of nested tags in the Office Open XML format. The key tags follow:<\/p>\n

\"\"<\/p>\n

With help from the first and the second steps, an attacker can hijack the program\u2019s control flow to a predictable address in msvbvm60.dll\u2019s code by exploiting the memory corruption vulnerability. This is the classic step of \u201cstack pivot\u201d for defeating ASLR and DEP. (See the next figure.) Following the return-oriented programming chain and shellcode comes the main payload, which we will not discuss in this post.<\/p>\n

\"\"<\/p>\n

This exploitation technique works only on older Office versions. Since Office 2013, Microsoft has employed the security feature Forced-ASLR. As its name suggests, the feature forces the randomization of a module\u2019s loading address even if the DLL is not ASLR compatible. Thus this in-the-wild attack can work only on Office 2010 and older versions. Nonetheless, because the underlying vulnerability does affect newer versions of Office, we recommend that all Office users install the official patch<\/a> as soon as possible.<\/p>\n

For McAfee NSP customers, we have released signature 0x45219c00 (UDS-HTTP: Microsoft Office Memory Corruption Vulnerability (CVE-2017-11826)) to prevent this attack.<\/p>\n

Thanks to my\u00a0colleague Bing Sun for his help with the analysis.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

McAfee Labs has performed frequent analyses of Office-related threats over the years: In 2015, we presented research on the Office…<\/p>\n","protected":false},"author":610,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[4452,4827,5238],"coauthors":[2524],"class_list":["post-80117","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-cybersecurity","tag-vulnerability","tag-zero-day"],"acf":[],"yoast_head":"\nAnalyzing Microsoft Office Zero-Day Exploit CVE-2017-11826: Memory Corruption Vulnerability<\/title>\n<meta name=\"description\" content=\"Microsoft released an\u00a0update\u00a0for an Office zero-day attack. We examined an in-the-wild sample, and share our findings to help others.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Analyzing Microsoft Office Zero-Day Exploit CVE-2017-11826: Memory Corruption Vulnerability\" \/>\n<meta property=\"og:description\" content=\"Microsoft released an\u00a0update\u00a0for an Office zero-day attack. We examined an in-the-wild sample, and share our findings to help others.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2017-10-26T13:00:21+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-28T03:32:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/image-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"740\" \/>\n\t<meta property=\"og:image:height\" content=\"53\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Haifei Li\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Haifei Li\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/\"},\"author\":{\"name\":\"Haifei Li\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/fd18845cc3f27ed398648df8cc802444\"},\"headline\":\"Analyzing Microsoft Office Zero-Day Exploit CVE-2017-11826\",\"datePublished\":\"2017-10-26T13:00:21+00:00\",\"dateModified\":\"2025-05-28T03:32:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/\"},\"wordCount\":514,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/image-1.png\",\"keywords\":[\"cybersecurity\",\"vulnerability\",\"zero day\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/\",\"name\":\"Analyzing Microsoft Office Zero-Day Exploit CVE-2017-11826: Memory Corruption Vulnerability\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/image-1.png\",\"datePublished\":\"2017-10-26T13:00:21+00:00\",\"dateModified\":\"2025-05-28T03:32:48+00:00\",\"description\":\"Microsoft released an\u00a0update\u00a0for an Office zero-day attack. We examined an in-the-wild sample, and share our findings to help others.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/image-1.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/image-1.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Analyzing Microsoft Office Zero-Day Exploit CVE-2017-11826: Memory Corruption Vulnerability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/fd18845cc3f27ed398648df8cc802444\",\"name\":\"Haifei Li\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/88c52c07fcacd190468a32af554e5f36\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/49ae79ecae2f1bff04cb595e12d9cc72?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/49ae79ecae2f1bff04cb595e12d9cc72?s=96&d=mm&r=g\",\"caption\":\"Haifei Li\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/haifeili\/\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/haifei-li\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Analyzing Microsoft Office Zero-Day Exploit CVE-2017-11826: Memory Corruption Vulnerability","description":"Microsoft released an\u00a0update\u00a0for an Office zero-day attack. We examined an in-the-wild sample, and share our findings to help others.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Analyzing Microsoft Office Zero-Day Exploit CVE-2017-11826: Memory Corruption Vulnerability","og_description":"Microsoft released an\u00a0update\u00a0for an Office zero-day attack. We examined an in-the-wild sample, and share our findings to help others.","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2017-10-26T13:00:21+00:00","article_modified_time":"2025-05-28T03:32:48+00:00","og_image":[{"width":740,"height":53,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/10\/image-1.png","type":"image\/png"}],"author":"Haifei Li","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"Haifei Li","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/"},"author":{"name":"Haifei Li","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/fd18845cc3f27ed398648df8cc802444"},"headline":"Analyzing Microsoft Office Zero-Day Exploit CVE-2017-11826","datePublished":"2017-10-26T13:00:21+00:00","dateModified":"2025-05-28T03:32:48+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/"},"wordCount":514,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/image-1.png","keywords":["cybersecurity","vulnerability","zero day"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/","name":"Analyzing Microsoft Office Zero-Day Exploit CVE-2017-11826: Memory Corruption Vulnerability","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/image-1.png","datePublished":"2017-10-26T13:00:21+00:00","dateModified":"2025-05-28T03:32:48+00:00","description":"Microsoft released an\u00a0update\u00a0for an Office zero-day attack. We examined an in-the-wild sample, and share our findings to help others.","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/image-1.png","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/10\/image-1.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/analyzing-microsoft-office-zero-day-exploit-cve-2017-11826-memory-corruption-vulnerability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Analyzing Microsoft Office Zero-Day Exploit CVE-2017-11826: Memory Corruption Vulnerability"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/fd18845cc3f27ed398648df8cc802444","name":"Haifei Li","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/88c52c07fcacd190468a32af554e5f36","url":"https:\/\/secure.gravatar.com\/avatar\/49ae79ecae2f1bff04cb595e12d9cc72?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/49ae79ecae2f1bff04cb595e12d9cc72?s=96&d=mm&r=g","caption":"Haifei Li"},"sameAs":["https:\/\/www.linkedin.com\/in\/haifeili\/"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/haifei-li\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/80117","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/610"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=80117"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/80117\/revisions"}],"predecessor-version":[{"id":214507,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/80117\/revisions\/214507"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=80117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=80117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=80117"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=80117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}